The new attack emails use something I like to call a Stactic (scare tactic), and are coming from what appear to be large law firms throughout the country. The email intends to confuse the reader by calling for an appearance in court as a defendant in a pirated software case. Example:

Previous Zbot attacks did not trigger a visible event when the victim opened the message. The trojan would infect the system and render it vulnerable to every possible hijack, but the user would never see anything on the screen.

The new Zbot attack issues this “error” message:

This message attempts to distract the user from what is really happening in the background. It's amateurish, but it could be enough to keep some users from investigating further.

After a successful installation, Zbot begins monitoring computer behavior for visits to financial institutions. If the malware detects a bank, credit union, or other viable target, it will then monitor keystrokes and take screenshots in order to capture the relevant credentials.

As always, you should not open an email if you are unfamiliar with the sender or if it looks suspicious in any way. If you notice something suspicious, you should delete the message, mark it as spam, or consult with someone in tech support. In this case, you can be sure that if you are really being called in to court, you will receive more than an email.

Barracuda Real Time Protection System protects against these emails and the malware destination/control servers.

Christine Barry is Senior Chief Blogger and Social Media Manager at Barracuda. In this role, she helps bring Barracuda stories to life and facilitate communication between the public and Barracuda internal teams. Prior to joining Barracuda, Christine was a field engineer and project manager for K12 and SMB clients for over 15 years. She holds several technology credentials, a Bachelor of Arts, and a Master of Business Administration. She is a graduate of the University of Michigan.